CIA shadowed a black hat hackers’ conference in order to develop their Sonic Screwdriver Mac exploit

In the second batch of ‘Vault 7’ documents Wikileaks released a user guide for Sonic Screwdriver – an implant on the Apple Thunderbolt-to-USB converter that allows code to be booted onto an attached device, even if the device is password-protected.

Alongside the obvious conclusion from its name that someone at the CIA is a huge Doctor Who fan, it reveals some pretty significant CIA capabilities. It means that the CIA is able to infect the firmware of Mac laptops, the absolute bare bones of the system, which Ubuntu founder Mark Shuttleworth has described as “a trojan horse of monumental proportions”. Regardless of password protection, it enables intelligence agents to create a permanent and irreversible vulnerability simply by plugging in an official Apple adaptor that contains the bug.

However, the ideas for this software were not organically thought up at the offices of the CIA; if you look at a quick history of the vulnerability in question, it becomes clear that the CIA followed developments at a conference of ‘black hat’ hackers and incorporated their ideas into its own work.

Sonic Screwdriver makes use of an exploit of the Apple Thunderbolt interface that was first revealed at Black Hat USA in 2012 by the security researcher known as snare. This exploit was then practically implemented by a hobbyist electronic engineer and security researcher called Trammell Hudson. He named the boot kit he created ThunderStrike.

Hudson’s ThunderStrike and the CIA’s Sonic Screwdriver are very similar; however, given the timeline of the CIA’s development of Sonic Screwdriver, Hudson believes that it is unlikely that the CIA copied his techniques. He does believe that the CIA saw Snare’s slideshow at Black Hat USA and ‘took six months to weaponise and package it for use’.

He published a blog post after Wikileaks released the Sonic Screwdriver user guide, detailing how he believes the CIA exploited the vulnerability highlighted at Black Hat 2012 in a way very similar to his own.

Although it is pretty obvious that American intelligence agencies routinely monitor the world of hacking and cybercrime, this is the first case that suggests there exists a two-way relationship – the CIA learn from so-called ‘black hats’ alongside being committed to shutting them down.

To put it another way: there are potentially thousands of hackers and software engineers, amateur or professional, operating illegally or legitimately, who are unknowingly contributing to CIA research and development.

While most reporting on the ongoing Vault 7 leaks has portrayed the CIA as an omnipotent body with immense abilities, it’s important to point out that in many cases the CIA are not ‘on the cutting edge’ of this field but mostly act as voyeurs who implement the techniques that they find through their snooping.

Much of the software that is being used to infiltrate the devices of the public may have partially been developed by 12-year-old Romanian amateur hackers, who take breaks from filming YouTube Minecraft tutorials to reverse engineer their smartphones for fun. Or perhaps even by cyber-vigilantes who are dedicated to the cause of exposing gaps in the security of popular gadgets, unaware that their research is being exploited by the deep state that they resent so much.

Some of the software that Vault 7 has exposed is deeply concerning and very important, but we should not be in awe of the technological sophistication of the CIA. They assembled as much of their arsenal of cyber weapons through brute force – mass espionage – as they did through careful development.

If you want an example of the professionalism of CIA staff, read through some of the comments on their departmental wiki: